If you want to destroy a business, all you need is about $300 and knowing where to spend it.
Peter Bailey, head of cybersecurity at Theta, says that on the dark web, a part of the internet accessible only with specialized software, criminal enterprises are becoming more complex, streamlined and professional.
As the global pandemic has moved much of the workforce online, a rush of cybercriminals is taking the opportunity to attack online infrastructure, and they’re making big money.
In 2021, Cert NZ reported that nearly $17 million was lost to cybercrime in New Zealand. Global researcher CyberSecurity Ventures estimates that the cybercrime industry will be worth US$10.5 trillion (NZ$16.8 trillion) per year by 2025.
And as the market grows, attacks become much easier for criminal customers to access.
* Five Ways Small Businesses Can Evade Cybersecurity Threats
* Ransomware attacks worldwide, including cyber insurance agencies
* Dealing with cybercrime: Some New Zealand businesses ‘feel they have no choice but to pay’
The idea of a “hacker” has fundamentally changed since the early days of the Internet, says Bailey.
In the early days of the Internet, people thought of a hacker as a lone operator, he says.
But now that big money is on the line, hackers have become a comprehensive, multi-faceted business, with standardized practices, hiring processes and high levels of organization, he says.
People skilled in coding can create a ransomware program without mounting an attack themselves, people skilled in marketing sell the product, and people in call centers skilled in persuasion gently guide victims through paying the ransom, says -he.
“Over the past five years, these companies have developed such a high level of automation that understanding the software is no longer necessary to launch a serious attack on a business,” Bailey says.
Three years ago, Bailey was shocked to see that ransomware could be bought as a service, like any other SaaS company.
Ransomware is a popular type of attack in which a victim’s files are held for ransom by malicious software put on the network by a hacker.
Previously, if you wanted to take down a company, you had to create the ransomware yourself, a long and specialized business, says Bailey.
Now, a cybercriminal can purchase a ready-made ransomware program online for between $200 and $350, he says.
Ransomware is sold on dark web marketplaces, alongside guns, drugs, stolen credit cards, identities and “anything and everything that is illegal,” he says.
These markets look like a “slightly offbeat Trade Me,” he says.
“These places operate very similarly to Trade Me, except they sell credit cards, passports, medical information. Sellers have star ratings based on user reviews and can be removed from the site if they sell defective products. It is a thriving market that keeps users at a certain level.
One section of the marketplace sells “feet,” which are vulnerabilities in an enterprise that can be used to take over an entire system.
“A foothold is found when a group of hackers focus on a particular company and gain access to its vulnerabilities. You can do a lot with automated analysis and bots. From there, they sell that information about particular organizations to hackers who might want to attack that business,” says Bailey.
There are thousands of New Zealand devices and companies available on the dark web.
On an invitation-only dark web marketplace called Genesis, criminals can purchase access to online profiles.
Genesis has thousands of New Zealand user profiles for sale between $2 and $70.
A screenshot of a profile seen by Things is linked to hundreds of websites and accounts, including Google, Office 365, Trade Me, Paypal and Facebook.
Profiles are collected by robots that are programmed to delete a person’s browser login data.
There are over 2000 active bots in New Zealand on Genesis. In Australia, there are only 1500.
“It is quite concerning that we have more than Australia, but it is not surprising. Australia has more maturity in the market, more security and a focus of its government on cyber. Unfortunately, we are a little more relaxed,” says Bailey.
It is worrying how much New Zealand information is for sale on dark web markets, he says.
“Small businesses think they’re too small to be targeted…the reality is that if you have information about someone, you’re a target.”
Launching a ransomware campaign on a business costs $200 plus the time it takes to execute. If you needed a foot to get into the business, it would cost an extra $15-20.
In total, therefore, it is possible to dismantle a New Zealand company for as little as US$215, he says.
Jordan Speering, general manager of incident response, says activity on the dark web is a lot closer than people think.
“For New Zealand businesses, the biggest cyber threats are data leaks or information harvesting. These are the main activities that people need to be aware of,” says Speering.
Even if a company does not plan to enter the dark web, it may be forced into it if it falls victim to an attack.
“When companies are ‘ransomware’, the payment systems involved often direct people to dark websites. These attacks start with information on the dark web, but then payment is also received on the dark web.
With the amount of money hackers are making, the problem is unlikely to go away any time soon, he says.
“Economic models are becoming more and more refined. It’s all part of the guarantee that they get paid for the work they did, regardless of whether the work they did was a crime.